Data protection

Privacy notice

This page describes HostGuard's data processing practices.

The following notice describes HostGuard's data processing practices under the GDPR and the Hungarian Info Act (Infotv.).

Data controller

Name of the data controller: APPON LINE Kft.
Registered office: 2120 Dunakeszi, Római utca 1/1
Company registration number: 13-09-229851
Tax number: 23137631-2-13
Contact e-mail: info@hostguard.hu

This notice applies to the data processing carried out on the hostguard.hu website and through the HostGuard service. This notice was prepared under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 (Infotv.).

Scope of processed data

HostGuard processes the following categories of data necessary to provide the service:

  • Account registration and login: e-mail address, and a one-time login token for passwordless login, or, if the data subject logs in with their Google account, the Google identifier. HostGuard does not store passwords.
  • Monitor configuration: the URL(s) of the monitored website(s)/service(s), the check frequency, and, if provided by the data subject, additional alert e-mail addresses.
  • Alerts: the recipient's e-mail address or phone number for notifying about downtime/recovery by e-mail or SMS.
  • Health-agent metrics: if the data subject installs the health-agent script on their own server, HostGuard receives exclusively infrastructure-type technical data (disk, memory and system load, PHP version, the status of the monitored service ports), no customer or site content data. Details below, in a separate section.
  • Contact form: name, e-mail address, message text, and, on a technical basis, the sender's IP address (for abuse protection).
  • Billing data: in the case of a paid plan, company name/billing name, tax number, billing address (postal code, city, address), for issuing the invoice required by law.
  • Payment data: HostGuard does not store bank card data directly. We process the non-sensitive reference data returned by the payment provider (Stripe): Stripe customer identifier, Stripe payment method identifier, card type, the last 4 digits of the card number, expiry date. The full card number and the CVV code never reach HostGuard's servers (tokenization under PCI-DSS).

HostGuard does not process health data or any other special category of data (Article 9 GDPR), and given the nature of the service there is no need to provide such data.

Health-agent data processing

The health-agent is a single-PHP-file script voluntarily downloaded by the data subject and uploaded to their own server. Its sole task is to return infrastructure metrics to HostGuard's polling system through an endpoint protected by a unique token that the data subject can rotate: disk usage, memory usage, system load (load average), the PHP version running on the server, and the availability of the ports specified by the data subject (e.g. database service).

The script does not access or transmit any customer, visitor or site content data (no file system traversal, no database query, no shell command execution), and apart from the query HostGuard makes no modification whatsoever on the data subject's server. Access is protected by a permanent, constant-time token check; the token can be regenerated or revoked at any time in the data subject's account.

Data processors (APPON LINE Kft, simplesms.hu, Stripe, szamlazz.hu)

HostGuard uses the following data processors, each under a concluded data processing agreement (DPA):

  • APPON LINE Kft — server operation and hosting services.
  • simplesms.hu — delivery of SMS-based alerts (to the provided phone number).
  • Stripe — processing of bank card payments. Bank card payments are handled by Stripe Payments Europe, Ltd. (Ireland) as data processor; HostGuard does not store card data. Due to Stripe's global system, some data may be transferred outside the EEA, for which Stripe applies the Standard Contractual Clauses (SCC) under the GDPR, as well as certification under the EU-US Data Privacy Framework.
  • szamlazz.hu — issuing electronic invoices to fulfil the statutory obligation.

The data is not disclosed or sold to external, advertising or marketing third parties.

Data retention

  • Raw monitoring measurement data (hostguard.checks): deleted after 30 days; the daily aggregate is retained longer for trend purposes. This is technical data and does not contain personal data.
  • Alert recipients (e-mail or phone number): anonymized 90 days after delivery; the statistical fields (channel, status, timestamp) are retained.
  • Contact form data (name, e-mail, message): if the enquiry does not result in a customer relationship, the data controller processes the data for at most 1 year from the last contact, after which it is deleted. The sender's IP address is processed solely for abuse protection, in a purpose-bound manner, for 90 days, after which it is anonymized.
  • Account and billing data: processed for the duration of the active subscription/account; after account termination (self-service deletion process), data related to accounting vouchers is retained under the 8-year retention obligation set out in Section 169(2) of Act C of 2000 on Accounting, and for the limitation period of civil law claims arising from the contract (Section 6:22 of the Civil Code, typically 5 years).
  • Payment (Stripe) reference data: processed for the duration of the active, saved payment method; deleted on HostGuard's side when the account is deleted; the handling of data stored at Stripe is governed by Stripe's own privacy policy and retention rules.
  • Health-agent metrics: only the most recent measurement is stored per monitor (continuously overwritten); no separate retention is needed; it is deleted automatically when the monitor is deleted.

Rights of the data subject

Under Articles 15-22 of the GDPR, the data subject is entitled to request access, rectification, erasure (“right to be forgotten”), restriction of processing and data portability, and to object to processing based on legitimate interest.

For the deletion of the account and its related data, HostGuard provides a self-service account deletion process (with e-mail confirmation); in addition, a request to exercise the above rights may be sent to info@hostguard.hu The data controller fulfils the request without undue delay, but no later than one month from receipt of the request.

In the event of an infringement of their rights, the data subject may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH, 1055 Budapest, Falk Miksa utca 9-11., ugyfelszolgalat@naih.hu, www.naih.hu), or turn to a court.

Cookies

The Website does not use marketing or profiling cookies, only the session cookie necessary for login and the basic operation of the service.

Contact

The data subject may contact the data controller with questions or requests regarding HostGuard's data processing at info@hostguard.hu .

Last updated: 2026.07.14